Error message exposes domain Id when deployVirtualMachine() is attempted on a shared network to which the user doesnot have access to.

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
2025-11-03 04:12:31 +01:00 · 2014-09-17 15:34:12 -07:00 · 2014-09-17 15:34:12 -07:00 · 0d36f2e4b5
commit 0d36f2e4b5
parent bfcdbeca29
2 changed files with 13 additions and 2 deletions
--- a/server/src/com/cloud/acl/AffinityGroupAccessChecker.java
+++ b/server/src/com/cloud/acl/AffinityGroupAccessChecker.java
@ -28,9 +28,11 @@ import org.apache.cloudstack.affinity.AffinityGroup;
 import org.apache.cloudstack.affinity.AffinityGroupService;
 import org.apache.cloudstack.affinity.dao.AffinityGroupDomainMapDao;

+import com.cloud.domain.DomainVO;
 import com.cloud.exception.PermissionDeniedException;
 import com.cloud.user.Account;
 import com.cloud.user.AccountManager;
+import com.cloud.utils.exception.CloudRuntimeException;

@Component
@Local(value = SecurityChecker.class)
@ -58,7 +60,12 @@ public class AffinityGroupAccessChecker extends DomainChecker {

            if (group.getAclType() == ACLType.Domain) {
                if (!_affinityGroupService.isAffinityGroupAvailableInDomain(group.getId(), caller.getDomainId())) {
-                    throw new PermissionDeniedException("Affinity group is not available in domain id=" + caller.getDomainId());
+                    DomainVO callerDomain = _domainDao.findById(caller.getDomainId());
+                    if (callerDomain == null) {
+                        throw new CloudRuntimeException("cannot check permission on account " + caller.getAccountName() + " whose domain does not exist");
+                    }
+
+                    throw new PermissionDeniedException("Affinity group is not available in domain id=" + callerDomain.getUuid());
                } else {
                    return true;
                }
--- a/server/src/com/cloud/network/NetworkModelImpl.java
+++ b/server/src/com/cloud/network/NetworkModelImpl.java
@ -1592,8 +1592,12 @@ public class NetworkModelImpl extends ManagerBase implements NetworkModel {

        } else {
            if (!isNetworkAvailableInDomain(network.getId(), owner.getDomainId())) {
+                DomainVO ownerDomain = _domainDao.findById(owner.getDomainId());
+                if (ownerDomain == null) {
+                    throw new CloudRuntimeException("cannot check permission on account " + owner.getAccountName() + " whose domain does not exist");
+                }
                throw new PermissionDeniedException("Shared network id=" + ((NetworkVO)network).getUuid() + " is not available in domain id=" +
-                    owner.getDomainId());
+                        ownerDomain.getUuid());
            }
        }
    }